Apple criticized for security advisories

updated 10:00 pm EDT, Tue May 4, 2004

Apple security advisories

Security analysts are saying that the company is severely downplaying the seriousness: "Five vulnerabilities released Monday affect various components of the Mac OS X operating system. The greatest threat is a buffer overflow in the Apple file-sharing system that could allow a remote attacker to take over control of the system. But the company described it as a correction 'to improve the handling of long passwords.'... Most security companies normally classify a remotely exploitable software flaw as a 'critical' vulnerability."

by MacNN Staff




  1. phillymjs

    Joined: Dec 1969



    It's a ZDNet article, so you know it's 100% objective. ;-)

    From the article:
    "They are not characterizing the issue so that people can make a security decision about it," said Chris Wysopal, vice president of research and development at @Stake, a digital security firm that found the flaw and reported it to Apple. "It seems they think that everyone will update their computers all the time, and that is not the way the world works."

    That's not the way the *Windows* world works, bub, because the dumb users don't know to update and the smart users are afraid to update lest the update break a critical app. Mac users *always* install their patches-- we might wait up to a week to make sure everything's cool, but we always install our patches.

  1. JeffHarris

    Joined: Dec 1969


    Song of the Shill

    Leave it to ZDNet.

    Apple actually PLUGGED the security holes, BEFORE they were widely reported... and ZD complains.

    Windows, that's a huge block of Swiss cheese at a picnic surrounded by ants, flies and maggots, and does ZD complain? Nah.

  1. graey

    Joined: Dec 1969



    Let's see, how many systems had the vulnerability exploited (other than the ones in the hands of the "security" people)? Would that be...none? If none were compromised then I fail to see how it is "critical".....maybe it's just me.

  1. LouZer

    Joined: Dec 1969



    Isn't the fact they're releasing a security update info enough to know there's a problem? I mean, who reads MS security bulletins? They just know "Hey, there's a security patch available, it must be important". Most users don't read each one going "Hmm, according to this it's only a problem if I receive an email containing a movie file with a real long file name and someone says the word 'p****'. I don't get movies, so I'll ignore that one..."

    Oh, and to the guy who says it's not critical because no one's broken it yet, keep in mind that Sasser chews through a HUGE hole in XP, but the fix for it was released as 'critical' not because it was a problem, but because it COULD be a serious problem (gee, just like it is). At least the Apple file being whined about requires you to have file sharing turned on and all that kind of fun. The Sasser worm just infects anyone unpatched, without the user necessarily being the wiser.

  1. vortexlift

    Joined: Dec 1969


    The Sky Is Falling!

    Boy, it's sure nice to know people in the internet security biz know how to scare up some business! : o
    Sarcasm aside, does anyone know of a single piece of malicious code loose in the "wild" that exploits any of the recent batch of "security holes" that have been discovered?

  1. Nitride

    Joined: Dec 1969


    Buffer Overflow Overhype

    Buffer Overflows are about as bad as iChat AV crashing in the middle of a steamy chat with your girlfriend. Frustrating, embarrassing and easy to forget about.

    There is simply no way to execute random code via a buffer overflow using a "specially crafted file" on the Macintosh platform. The fundamental differences in the processor and OS from Intel make this impossible.

    Now, you could somehow get a rogue file on a user's system, crash a daemon and when it restarted it could load a compromised file somehow, but that is entirely different than what these overzealous security experts are screaming about.

    This scenario however requires a significant series of steps to gain access to a user's system and also admin or 'root' privileges to install compromised files and then crash a daemon.

    So far Apple's most serious compromises require a person to be physically seated in front of a Mac OS X computer to gain access of some level.

    And all security fixes are rolled into each other or in general Mac OS X updates, and based on my reading of web logs and email headers most Mac people on the internet are fully up to date.

  1. Nitride

    Joined: Dec 1969



    No one seems all that upset that a large number of grocery stores were all but shut down by the latest Windows virus, at least in the South East area.

    The stores could not process any network-based transactions (checks, CCs, Debit cards) at all due to the shutdown of the network either due to or to help stop the latest virus on Windows.

    We repeatedly told the store to put out a sign, but of course that would drive away non-cash business instead of keeping people in the store shopping only to find out they must wait 15 minutes for their checkout process to be completed manually with a telephone call.

    The pharmacy was shut down because of this as well. All because some kid somewhere didn't get enough attention from his Baby Boomer parents.
